16 package org.argeo.jcr;
17
18 import java.security.Principal;
19 import java.util.ArrayList;
20 import java.util.HashMap;
21 import java.util.List;
22 import java.util.Map;
23
24 import javax.jcr.Repository;
25 import javax.jcr.RepositoryException;
26 import javax.jcr.Session;
27 import javax.jcr.security.AccessControlManager;
28 import javax.jcr.security.Privilege;
29 import javax.naming.InvalidNameException;
30 import javax.naming.ldap.LdapName;
31
32
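/**
 * Applies a configured set of JCR privileges to principals, either on a single
 * workspace or on every accessible workspace of a repository.
 *
 * <p>
 * The configuration is a map. Each key is a privilege specification of the form
 * {@code privilege[,privilege...][/path]}: the part before the first {@code /}
 * is a comma-separated list of privilege names, and the part from the first
 * {@code /} onwards is the node path the privileges apply to (the root
 * {@code /} when no path is given). Each value names the principals: either a
 * single name that parses as an LDAP distinguished name, or a comma-separated
 * list of principal names.
 *
 * <p>
 * This map drives access-control changes, so it should only ever be populated
 * from trusted configuration.
 */
public class JcrAuthorizations implements Runnable {

	private Repository repository;

	/** Workspace to process; {@code "*"} means every accessible workspace. */
	private String workspace = null;

	/** Workspace that is skipped when {@link #workspace} is {@code "*"}. */
	private String securityWorkspace = "security";

	/** Privilege specification (see class comment) to principal name(s). */
	private Map<String, String> principalPrivileges = new HashMap<String, String>();

	/**
	 * Applies the configured authorizations.
	 *
	 * <p>
	 * When the workspace is {@code "*"}, the accessible workspace names are
	 * listed through a session obtained with {@code repository.login()}, and
	 * each of them except the security workspace is processed in turn.
	 * Otherwise only the configured workspace is processed.
	 *
	 * @throws ArgeoJcrException
	 *             wrapping any failure; pending changes of the current session
	 *             are discarded first
	 */
	@Override
	public void run() {
		String currentWorkspace = workspace;
		Session session = null;
		try {
			if ("*".equals(workspace)) {
				session = repository.login();
				String[] workspaces = session.getWorkspace().getAccessibleWorkspaceNames();
				JcrUtils.logoutQuietly(session);
				for (String wksp : workspaces) {
					// tracked so that the error message names the failing workspace
					currentWorkspace = wksp;
					if (currentWorkspace.equals(securityWorkspace))
						continue;
					session = repository.login(currentWorkspace);
					initAuthorizations(session);
					JcrUtils.logoutQuietly(session);
				}
			} else {
				session = repository.login(workspace);
				initAuthorizations(session);
			}
		} catch (Exception e) {
			JcrUtils.discardQuietly(session);
			throw new ArgeoJcrException(
					"Cannot set authorizations " + principalPrivileges + " on workspace " + currentWorkspace, e);
		} finally {
			JcrUtils.logoutQuietly(session);
		}
	}

	/**
	 * Applies the configured authorizations to one workspace.
	 *
	 * @param workspace
	 *            name of the workspace to log in to
	 * @throws ArgeoJcrException
	 *             wrapping any failure; pending changes of the session are
	 *             discarded first
	 */
	protected void processWorkspace(String workspace) {
		Session session = null;
		try {
			session = repository.login(workspace);
			initAuthorizations(session);
		} catch (Exception e) {
			JcrUtils.discardQuietly(session);
			throw new ArgeoJcrException(
					"Cannot set authorizations " + principalPrivileges + " on repository " + repository, e);
		} finally {
			JcrUtils.logoutQuietly(session);
		}
	}

	/**
	 * Applies the configured authorizations.
	 *
	 * @deprecated call {@link #run()} instead
	 */
	@Deprecated
	public void init() {
		run();
	}

	/**
	 * Resolves every configured entry into a path, a list of privileges and one
	 * or more principals, and hands each combination to
	 * {@code JcrUtils.addPrivileges}.
	 *
	 * @param session
	 *            session on the workspace being processed
	 * @throws RepositoryException
	 *             if the repository rejects a privilege name or an update
	 * @throws ArgeoJcrException
	 *             if a specification starts with {@code /} or has no principal
	 */
	protected void initAuthorizations(Session session) throws RepositoryException {
		AccessControlManager acm = session.getAccessControlManager();

		for (Map.Entry<String, String> entry : principalPrivileges.entrySet()) {
			String spec = entry.getKey();
			String privileges = spec;
			String path = "/";
			int slashIndex = spec.indexOf('/');
			if (slashIndex == 0) {
				throw new ArgeoJcrException("Privilege " + spec + " badly formatted it starts with /");
			} else if (slashIndex > 0) {
				path = spec.substring(slashIndex);
				privileges = spec.substring(0, slashIndex);
			}

			List<Privilege> privs = new ArrayList<Privilege>();
			for (String priv : privileges.split(",")) {
				privs.add(acm.privilegeFromName(priv));
			}

			// The principals come from this entry's own value: looking the map
			// up again with the truncated privilege list would find nothing for
			// a path-scoped entry, or would pick up the principals of another
			// entry and grant them privileges on this path.
			String principalNames = entry.getValue();
			if (principalNames == null) {
				throw new ArgeoJcrException("No principal configured for privilege " + spec);
			}
			try {
				// A value that parses as an LDAP name is one principal, even
				// though it contains commas.
				new LdapName(principalNames);

				Principal principal = getOrCreatePrincipal(session, principalNames);
				JcrUtils.addPrivileges(session, path, principal, privs);
			} catch (InvalidNameException e) {
				// not an LDAP name: treat the value as a comma-separated list
				for (String principalName : principalNames.split(",")) {
					Principal principal = getOrCreatePrincipal(session, principalName);
					JcrUtils.addPrivileges(session, path, principal, privs);
				}
			}
		}
	}

	/**
	 * Returns the principal for a name. This implementation always creates a
	 * new {@code SimplePrincipal} and does not use the session; subclasses may
	 * override it.
	 *
	 * @param session
	 *            session on the workspace being processed
	 * @param principalName
	 *            name of the principal
	 * @return the principal to which privileges are given
	 * @throws RepositoryException
	 *             declared for overriding implementations
	 */
	protected Principal getOrCreatePrincipal(Session session, String principalName) throws RepositoryException {
		return new SimplePrincipal(principalName);
	}

	/**
	 * Sets the privilege specification to principal name(s) map.
	 *
	 * @deprecated call {@link #setPrincipalPrivileges(Map)} instead; both set
	 *             the same field
	 */
	@Deprecated
	public void setGroupPrivileges(Map<String, String> groupPrivileges) {
		this.principalPrivileges = groupPrivileges;
	}

	/**
	 * Sets the privilege specification to principal name(s) map. The map is
	 * kept by reference, not copied.
	 */
	public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
		this.principalPrivileges = principalPrivileges;
	}

	/** Sets the repository to log in to. */
	public void setRepository(Repository repository) {
		this.repository = repository;
	}

	/** Sets the workspace to process; {@code "*"} selects every accessible workspace. */
	public void setWorkspace(String workspace) {
		this.workspace = workspace;
	}

	/** Sets the name of the workspace skipped when all workspaces are processed. */
	public void setSecurityWorkspace(String securityWorkspace) {
		this.securityWorkspace = securityWorkspace;
	}

}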